Dave Sroelov wrote:
> being somewhat new to FW-1 i have come across something that is a little
> strange. if i set up a policy with one rule that says to reject all
> packet types from source=any to destination=any and log everything, why
> does ping still work?
> if i specifically add a rule to block icmp packets then ping stops. i
> would think that blocking 'all' packet types would block everything that
> FW-1 knows about, and it knows about icmp.
FW-1 checks among other things, BEFORE the Rule Base, is the Security
Policy. You may like to disbale the ping option in that. Alternatively,
you can set it as "last" where it will be processed last, after the
Systems Engineer (UNIX/Security) Tel: 65-4330469
Contact Sembawang Media Pte Ltd Fax: 65-4330433